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Abstract: We present a combination of raising, explicit variable dependency representation, the liberalized S- 
rule, and preservation of solutions for first-order deductive theorem proving. Our main motivation is to provide the 
foundation for our work on inductive theorem proving. 
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1 Introduction 



The paper organizes as follows: After explaining the technical terms of the title in § 1 and the 
remaining basic notions in § 2, we start to explicate the differences between our two versions of 
calculi in § 3. The weak version is explained in § 4. The changes necessary for the strong version 
in order to admit liberalization of the 5-rule are explained in § 5. After concluding in § 6 we 
append all the proofs, references, and notes. 



1.1 Without Skolemization 



In this paper we discuss how to analytically prove first-order theorems in contexts where Skolem- 
ization is not appropriate. Skolemization has at least three problematic aspects. 

1. Skolemization enrichs the signature or introduces higher-order variables. Unless special 
care is taken, this may introduce objects into empty universes and change the notion of 
term-generatedness or Herbrand models. Above that, the Skolem functions occur in an- 
swers to goals or solutions of constraints^ which in general cannot be translated into the 
original signature. For a detailed discussion of these problems cf. Miller (1992). 

2. Skolemization results in the following simplified quantification structure: 

For all Skolem functions u there are solutions to the free 7-variables e (i.e. the 
free variables of Fitting (1996)) such that the quantifier-free theorem T{e,u) is 
valid. 

Short: Vil. 3e. r(e, m). 

Since the state of a proof attempt is often represented as the conjunction of the branches 
of a tree (e.g. in sequent or (dual) tableau calculi), the free 7-variables become "rigid" or 
"global", i.e. a solution for a free 7-variable must solve all occurrences of this variable in 
the whole proof tree. This is because, for So, . . . , -B„ denoting the branches of the proof 
tree, 

V-u. 3e. ( So A . . . A S„ ) 
is logically strictly stronger than \/u. {3e. Bq /\ ... A 3e. S„ ). 
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Moreover, with this quantification structure it does not seem to be possible to do inductive 
theorem proving by finding, for each assumed counterexample, another counterexample 
that is strictly smaller in some wellfounded ordering.^ The reason for this is the following. 
When we have some counterexample u for T(e, ?I) (i.e. there is no e such that T(e, u) is 
valid) then for different e different branches Bi in the proof tree may cause the invalidity 
of the conjunction. If we have applied induction hypotheses in more than one branch, for 
different e we get different smaller counterexamples. What we would need, however, is one 
single smaller counterexample for all e. 

3. Skolemization increases the size of the formulas. (Note that in most calculi the only relevant 
part of Skolem terms is the top symbol and the set of occurring variables.) 



The first and second problematic aspects disappear when one uses raising (cf. Miller (1992)) 
instead of Skolemization. Raising is a dual of Skolemization and simplifies the quantification 
structure to something like: 

There are raising functions e such that for all possible values of the free 5-vari- 
ables u (i.e. the nuUary constants or "parameters") the quantifier-free theorem T(e, u) 
is valid. 

Short: 3e. V-u. r(e, «). 

Note that due to the two duality switches "unsatisfiability/validity" and "Skolemization/ 
raising", in this paper raising will look much like Skolemization in refutational theorem proving. 
The inverted order of universal and existential quantification of raising (compared to Skolemiza- 
tion) is advantageous because now 

3e. W. {Bq h ... ^Bn) 

is indeed logically equivalent to 3e. ( V?l. Bq /\ ... A \/u. Bn ) . 

Furthermore, inductive theorem proving works well: When, for some e, we have some counter- 
example u for T(e, u) (i.e. T(e, u) is invalid) then one branch Bj, in the proof tree must cause 
the invalidity of the conjunction. If this branch is closed, then it contains the application of an 
induction hypothesis that is invalid for this e and the u' resulting from the instantiation of the 
hypothesis. Thus, u' together with the induction hypothesis provides the strictly smaller counter- 
example we are searching for for this e. 

The third problematic aspect disappears when the dependency of variables is explicitly rep- 
resented in a variable-condition, cf. Kohlhase(1995). This idea actually has a long history, cf. 
Prawitz (1960), Kanger (1963), Bibel (1987). Moreover, the use of variable-conditions admits the 
free existential variables to be first-order. 
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1.2 Sequent and Tableau Calculi 

In Smullyan(1968), rules for analytic theorem proving are classified as a-, p-, 7-, and 5-rules 
independently from a concrete calculus. 

CK-rules describe the simple and the 

/3-rules the case-splitting prepositional proof steps. 

7-rules show existential properties, either by exhibiting a term witnessing to the existence or else 
by introducing a special kind of variable, called "dummy" in Prawitz(1960) and Kanger 
(1963), and "free variable" in footnote 1 1 of Prawitz (1960) and in Fitting (1996). We will 
call these variables free ^-variables. By the use of free 7-variables we can delay the choice 
of a witnessing term until the state of the proof attempt gives us more information which 
choice is likely to result in a successful proof. It is the important addition of free 7-vari- 
ables that makes the major difference between the free variable calculi of Fitting (1996) and 
the calculi of Smullyan(1968). Since there use to be infinitely many possibly witnessing 
terms (and different branches may need different ones), the 7-rules (under assistance of the 
/?-rules) often destroy the possibility to decide validity because they enable infinitely many 
7-rule applications to the same formula. 

5-rules show universal properties simply with the help of a new symbol, called a "parameter", 
about which nothing is known. Since the present free 7-variables must not be instantiated 
with this new parameter, in the standard framework of Skolemization and unification the 
parameter is given the present free 7-variables as arguments. In this paper, however, we 
will use nuUary parameters, which we call free 5-variables. These variables are not free in 
the sense that they may be chosen freely, but in the sense that they are not bound by any 
quantifier. Our free 5-variables are similar to the parameters of Kanger (1963) because a 
free 7-variable may not be instantiated with all of them. We will store the information on 
the dependency between free 7-variables and free ^-variables in variable-conditions. 
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1.3 Preservation of Solutions 

Users even of pure Prolog are not so much interested in theorem proving as they are in answer 
computation. The theorem they want to prove usually contains some free existential variables 
that are instantiated during a proof attempt. When the proof attempt is successful, not only the 
input theorem is known to be valid but also the instance of the theorem with the substitution 
built-up during the proof. Since the knowledge of mere existence is much less useful than the 
knowledge of a term that witnesses to this existence (unless this term is a only free existential 
variable), theorem proving should — if possible — always provide these witnessing terms. Answer 
computation is no problem in Prolog's Horn logic because it is so simple. But also for the more 
difficult clausal logic, answer computation is possible. Cf. e.g. Baumgartner &al. (1997), where 
tableau calculi are used for answer computation in clausal logic. Answer computation becomes 
even harder when we consider full first-order logic instead of clausal logic. When 5-steps occur 
in a proof, the introduced free universal variables may provide no information on what kind of 
object they denote. Their excuse may be that they cannot do this in terms of computability or 
A-terms. Nevertheless, they can provide this information in form of Hilbert's £-terms, and the 
strong versions of our calculi will do so. When full first-order logic is considered, one should 
focus on preservation of solutions instead of computing answers. By this we mean at least the 
following property: 

All solutions that transform a proof attempt for a proposition into a closed proof (i.e. 
the closing substitutions for the free 7-variables) are also solutions of the original 
proposition. 

This again is closely related to inductive theorem proving: Suppose that we finally have shown 
that for the reduced form i?(e, u) (i.e. the state of the proof attempt) of the original theorem 
T{e, u) (cf. the discussion in § 1.1), there is some solution e such that for each counterexample u 
of R{e, u) there is a counterexample u' for the original theorem and that this u' is strictly smaller 
than u in some wellfounded ordering. In this case we have proved T(e, u) only if the solution e 
for the reduced form Vm. R{e,u) is also a solution for the original theorem \/u. T{e,u). 



5 



1.4 The Liberalized 6-m\e 



We use 'l±)' for the union of disjoint classes and 'id' for the identity function. For a class R we 
define domain, range, and restriction to and image^ and reverse-image of a class A by 



We define a sequent to be a list of formulas."^ The conjugate of a formula ^4 (written: A) is the 
formula S if A is of the form -iB, and the formula -lA otherwise. Note that the conjugate of the 
conjugate of a formula is the original formula again, unless it has the form -i-iB. 

In the tradition of Gentzen(1935) we assume the symbols for free 'j -variables (i.e. the free 
variables of Fitting (1996)), /ree 5-variables (i.e. nuUary parameters), bound variables (i.e. vari- 
ables for quantified use only), and the constants (i.e. the function (and predicate) symbols from 
the signature) to come from four disjoint sets V^, V^, Vbou„d. and E. We assume each of V^, y,, 
Vbound to be infinite (for each sort) and set V^ee '■— V^ttlV^. Moreover, due to the possibility to 
rename bound variables w.l.o.g., we do not permit quantification on variables that occur already 
bound in a formula; i.e. e.g. Vx: A is only a formula in our sense if A does not contain a quantifier 
on X like \/x or 3x. The simple effect is that our 7- and 5-rules can simply replace all occurrences 
ofx. For a term, formula, sequent T &c., 'H(r)', 'H(r)', 'Vbo,„d(^)', 'Vbee{ry denote the sets 
of variables from V^, V^, Vbou^d', ^hee occurring in F, resp.. For a substitution a we denote with 
Tcr' the result of replacing in F each variable x in dom(o-) with a{x). Unless stated otherwise, 
we tacitly assume that each substitution a satisfies Vbound(dom(o') U ran(a)) = 0, such that no 
bound variables can be replaced and no additional variables become bound (i.e. captured) when 
applying a. 



A variable-condition i? is a subset of V, x Yg. Roughly speaking, {x'', y") G R says that x^ is 
older than y*, so that we must not instantiate the free 7-variable x'' with a term containing y''. 

While the benefit of the introduction of free 7-variables in 7-rules is to delay the choice of 
a witnessing term, it is sometimes unsound to instantiate such a free 7-variable x'^ with a term 
containing a free 5-variable that was introduced later than x^: 



dom(i?) 



{a I 3b. {a,b)eR} 
{b I 3a. {a,b)eR} 
{{a,b)eR \ aeA} 



ran(i?) 

a]R 

{A)R 

R{B) 



{b I 3a e A {a,b)eR} 
{a I 3beB. {a,b)eR} 
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Example 1.1 

3x. Vy. {x^y) 

is not deductively valid. We can start a proof attempt via: 
7-step: 

Vy. {x~'^y). 

5-step: 

Now, if we were allowed to substitute the free 7-variable x^' with the free 5- variable y\ we would 
get the tautology {y^ = y^) , i.e. we would have proved an invalid formula. In order to prevent 
this, the 5-step has to record {x'^, y^) in the variable-condition, which disallows the instantiation 
step. 



In order to restrict the possible instantiations as little as possible, we should keep our variable- 
conditions as small as possible. Kanger (1963) and Bibel (1987) are quite generous in that they 
let their variable-conditions become quite big: 

Example 1.2 

3x. ( P{x) V Vy. -P(y) ) 

can be proved the following way: 
7-step: 

( P{x-^) V My. -P(2/) ). 

a-step: 

P(x-), Vy. -P(y). 

5-step: 

P{x-), -^P{y'). 

Instantiation step: 

The last step is not allowed in the above citations, so that another 7-step must be applied to the 
original formula in order to prove it. Our instantiation step, however, is perfectly sound: Since x'^ 
does not occur in Vy. -'P(y), the free variables and y^ do not depend on each other and there 
is no reason to insist on being older than y^. Note that moving-in the existential quantifier 
transforms the original formula into the logically equivalent formula ^x. P{x) V My. ^P{y), 
which (after a preceding a-step) enables the 5-step introducing y^ to come before the 7-step 
introducing x''. 



Keeping small the variable-conditions generated by the 5-rule results in non-elementary reduc- 
tion of the size of smallest proofs. This "liberalization of the 5-rule" has a history ranging from 
Smullyan(1968) over Hahnle & Schmitt(1994) to Baaz & Fermuller(1995). While the liberal- 
ized 5-rule of Smullyan(1968) is already able to prove the formula of Example 1.2 with a single 
7-step, it is much more restrictive than the more liberalized (5-rule of Baaz & FermuUer (1995). 
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Note that liberalization of the 5 -rule is not simple because it easily results in unsound calculi, 
cf. Kohlhase(1995) w.r.t. our Example 1.3 and Kohlhase(1998) w.r.t. our Example5.18. The 
difficulty lies with instantiation steps that relate previously unrelated variables: 

Example 1.3 

3x. \/y. Q{x,y) V 3u. \/v. -iQ(t',M) 
is not deductively valid (to wit, let Q be the identity relation on a non-trivial universe). 

Consider the following proof attempt: One a-, two 7-, and two liberalized 5-steps result in 

Q{x-,y'), -QKii-) (*) 

with variable-condition 

R {u'',v')}. (#) 

(Note that the non-liberalized 5-rule would additionally have produced (x^, v^) or (m^, y*) or both, 
depending on the order of the proof steps.) 

When we now instantiate x'' with v\ we relate the previously unrelated variables u'' and y^. 
Thus, our new goal 

Q{v',y'), ^Qiv^u-') 

must be equipped with the new variable-condition {{u'', y^)}. Otherwise we could instantiate u'^ 
with y*, resulting in the tautology Q(v*, y^) , -'Q{v\ y^) . 

Note that in the standard framework of Skolemization and unification, this new variable-con- 
dition is automatically generated by the occur-check of unification: When we instantiate x'^ with 

v\u') in 

Q{x\y\x^)), -Q(^;V),«") 

we get 

Q{v\u^),y\v\u-^))), --Q{v\u^),u^), 
which cannot be reduced to a tautology because y^{v\u^)) and u' cannot be unified. 
When we instantiate the variables x'^ and in the sequence (*) in parallel via 

(7 := {x-'^v^ W^y^}, ($) 

we have to check whether the newly imposed variable-conditions are consistent with the substi- 
tution itself. In particular, a cycle as given (for the R of (#)) by 

y^ R x"' R 

must not exist. Although this sounds fairly difficult, the formal treatment is quite simple. 
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2 Basic Notions, Notations, and Assumptions 

We make use of "[. . . ]" for stating two definitions, lemmas, or theorems (and their proofs &c.) in 
one, where the parts between '[' and '] ' are optional and are meant to be all included or all omitted. 
'N' denotes the set of and the ordering on natural numbers. We define N+ := { n e N | 
OT^n }. 

Let 'i?' denote a binary relation. R is said to be a relation on A if dom(i?) U ran(i?) C A. 
R is irreflexive if id fl i? = 0. It is A-reflexive if A,id C i?. Simply speaking of a reflexive 
relation we refer to the biggest A that is appropriate in the local context, and referring to this A 
we write to ambiguously denote a , id. Furthermore, we write R^ to denote R. For n G N+ 
we write 7?"+^ to denote R^oR^ such that i?" denotes the n step relation for R. The transitive 
closure of R is i?+ := IJrieN+ reflexive & transitive closure of i? is R* := IJneN 

The reverse^ of R will be denoted with R'^. R is terminating if there is no s : N — > dom(i?) 
with Si R Sj+i for all i e N. 

Furthermore, we use '0' to denote the empty set as well as the empty function or empty word. 
By an (irreflexive) ordering '<' (on A) we mean an irreflexive and transitive binary relation (on 

A), sometimes called "strict partial ordering" &c. by other authors. A reflexive ordering '< ' on 
A is an A-reflexive, antisymmetric, and transitive relation on A. The reflexive ordering on A of 
an ordering < is (< U id) n (Ax/l). An ordering < is called wellfounded if > is terminating; 
where, as with all our asymmetric relation symbols, > := <~^. The class of total functions 
from A to B is denoted with A ^ B. The class of (possibly) partial functions from A to B is 
denoted with A B. 

Validity is expected to be given with respect to some S-structure (S-algebra) A, assigning a 
universe (to each sort) and an appropriate function to each symbol in E. For X C Vaec we denote 
the set of total .A- valuations of X (i.e. functions mapping free variables to objects of the universe 
of A (respecting sorts)) with X — > A. and the set of (possibly) partial A-valuations of X with 
X -w A. For TT e X — > A. we denote with ' AWtt' the extension of A to the variables of X which 
are then treated as nuUary constants. More precisely, we assume the existence of some evaluation 
function 'eval' such that eval(A.l±)7r) maps any term over StblX into the universe of A (respecting 
sorts) such that for all a; e X: eval(A.l±)7r)(a;) = 7r{x). Moreover, eval(w4l±)7r) maps any formula 
B over Ei±)X to TRUE or FALSE, such that B is valid in AWtt iff eval{A^Ti){B) = TRUE. We 
assume that the Substitution-Lemma holds in the sense that, for any substitution a, E-structure A, 
and valuation TT e V^ee — A validityofaformulai?inA.tbl(((7l±l Vfrec\dom((T),id) o eval(A.l±)7r)) is 
logically equivalent to validity of Ba in A^n. Finally, we assume that the value of the evaluation 
function on a term or formula B does not depend on the free variables that do not occur in 
B: eval(A.l±)7r)(i?) = eval(A W Vfree(s)-'^)(-^)- Further properties of validity or evaluation are 
definitely not needed. 
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3 Two Versions of Variable-Conditions 

In this section we foraially describe two possible choices for the formal treatment of variable-con- 
ditions. The weak version works well with the non-liberalized 5-rule. The strong version is a little 
more difficult but can be used for the liberalized versions of the 5-rule. The presented material is 
rather formal, but this cannot be avoided and the following sections will be less difficult then. 

Several binary relations on free variables will be introduced. The overall idea is that when 
(x, y) occurs in such a relation this means something like "x is older than y" or "the value of y 
depends on or is described in terms of x". 

Definition 3.1 (E^, UJ 

For a substitution a with dom{a) = V, we define the existential relation to be 

E„ := { (x', x)\ x' e V^{a{x)) A x e V, } 
and the universal relation to be 



Definition 3.2 ([Strong] Existential i?-Substitution) 

Let i? be a variable-condition. 

a is an existential R- substitution if cr is a substitution with dom((T) = for which U^^o R is 
irreflexive. 

cr is a strong existential R-substitution if cr is a substitution with dom(cr) = for which 
{UaO RY is a wellfounded ordering. 

Note that, regarding syntax, (x^, y^) e i? is intended to mean that an existential i?-substitu- 
tion cr may not replace with a term in which y^ occurs, i.e. (y*, x"') G must be disallowed, 
i.e. Ua°R must be irreflexive. Thus, the definition of a (weak) existential /^-substitution is 
quite straightforward. The definition of a strong existential /^-substitution requires an additional 
transitive closure because the strong version then admits a smaller R. To see this, take from Ex- 
ample 1.3 the variable-condition R of (#) and the cr of ($). As explained there, cr must not be a 
strong existential /?- substitution due to the cycle y^ u' R f * x"' R which just contradicts 
the irreflexivity of (UaoR)^. Note that in practice w.l.o.g. Ua and R can always be chosen to 
be finite, so that irreflexivity of [UcroRY is then equivalent to (UaoR)^ being a wellfounded 
ordering. 
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After application of a [strong] existential i?-substitution a, in case of (x^, y^^ e i?, we have to 
ensure that x'' is not replaced with via a future application of another [strong] existential R- 
substitution that replaces a free 7-variable v? occurring in a[x'') with y\ In this case, the new 
variable-condition has to contain [v?, y^). This means that E^joR must be a subset of the updated 
variable-condition. For the weak version this is already enough. For the strong version we have 
to add an arbitrary number of steps with UcroR again. 

Definition 3.3 ([Strong] cr-Update) 

Let be a variable-condition and cr be an [strong] existential i?-substitution. 
The [strong] a -update of R is E'^-oi? [ o ([/^oi?)*]. 



Example 3.4 

In the proof attempt of Example 1.3 we applied the strong existential i?-substitution 

a' := {x"'t-^v^} W v^\{a;^} ,id 
where R^{{x'',y^), {u'',v^)}. Note that 

U^^^iiv^x-^)} 

and 

-Ect' = V^\{a;^},id. 

Thus: 

E^,oRo{U^,oR)'' = {{u'',v')} 
E„.oRo{U,,oRf = {{u\y')} 
E^,oRo{Ua'oRf = 

The strong cr'-update of R is then the new variable-condition 

{{u-',v'), {u'',y')}. 
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Let A be some E-structure. We now define a semantic counterpart of our existential i?-substitutions, 
which we will call "existential {A, i?) -valuation". Suppose that e maps each free 7- variable not 

directly to an object of A (of the same sort), but can additionally read the values of some free 
(5-variables under an ^-valuation ir E Vg ^ A, i.e. e gets some n' E Vs A with n'Cn as a 
second argument; short: e : ^ {(Vg A) A) . Moreover, for each free 7-variable x, we 
require the set of read free 5-variables (i.e. dom(7r')) to be identical for all tt; i.e. there has to be 
some "semantic relation" C V^x such that for all x E V^: 

e{x) : {S,{{x}) ^A)^A. 

Note that, for each e, at most one semantic relation exists, namely 

:= {{y,x)\ y G dom(lJ (dom(e(x)))) A a; G V^, }. 

Definition 3.5 (Se, [Strong] Existential {A, i?) -Valuation, e) 

Let i? be a variable-condition, A a E-structure, and e : — > {(Vg A) A). 
The semantic relation of e is Se ■— {{y,x) \ y E dom((J (dom(e(a;)))) A x eV^}. 

e is an existential {A, R)-valuation if R is irreflexive and, for all x E V^, 

e{x) : {Selx}) ^ A) A. 

e is a strong existential {A, R)-valuation if {Se o R^ is a wellfounded ordering and, for all 

X E V,, 

e{x) : {Se{{x}) ^A)^A. 

Finally, for applying [strong] existential {A, i?) -valuations in a uniform manner, we define the 
function 

e: {Y^^{{Y,^A)^A)) ^ ((V, ^ ^) ^ (V, ^ ^)) 
by(eGV,^((V,'^^)^^), ttgV.^A xeYJ 

e{e){n){x) :^ e{x){s,{{x}) ,n). 



Lemma 3.6 Let Rbe a variable-condition. 

1. Let R' be a variable-condition with RC.R'. 

For each [strong] existential {A, R') -valuation e' there is some 
[strong] existential {A, R)-valuation e such that e(e) = e(e'). 

2. Let a be a [strong] existential R-substitution and R' the [strong] a-update of R. 

For each [strong] existential {A, R') -valuation e' there is some 
[strong] existential {A, R) -valuation e such that for all vr G V,, — > A: 

e(e)(7r) = cr o eval(>l 1±) e(e')(7r) l±) tt). 
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4 The Weak Version 



We are now going to define /?- validity of a set of sequents with free variables, in terms of validity 
of a formula (where the free variables are treated as nuUary constants). 

Definition 4.1 (Validity) 

Let /? be a variable-condition, A a S-structure, and G a set of sequents. 

G is R-valid in A if there is an existential {A, -R)-valuation e such that G is (e, ^)-valid. 

G is (e, A)-valid if G is (tt, e, ^)-valid for all tt e — > ^. 

G is (tt, e, A)-valid if G is valid in ^ ttl e(e) (tt) I±I tt. 

G is vfl//J in ^ if T is valid in A for all T e G. 

A sequent T is valid in A if there is some formula listed in F that is valid in A. 

Validity in a class of E-structures is understood as validity in each of the E-structures of that 
class. 

If we omit the reference to a special E-structure we mean validity (or reduction, cf. below) in 

some fixed class K of E-structures, e.g. the class of all S-structures (S-algebras) or the class of 
Herbrand S-structures (term-generated E-algebras), cf. Wirth& Gramlich(1994) for more inter- 
esting classes for establishing inductive validities. 

Lemma 4.2 (Anti-Monotonicity of Validity in R) 

Let G be a set of sequents and R and R' variable-conditions with RC.R'. Now: 
IfG is R' -valid in A, then G is R-valid in A. 



Example 4.3 (Validity) 

For x'^ e V^., G V,,, the sequent x''=y^ is 0-valid in any A because we can choose Se := V^x 
ande(a;^)(7r) := T:{y') resulting in e(e)(7r)(a;^) = e{x'<){s,({x'<}) .t^) = e(a;^)(y5,7r) = 7r{y'). This 
means that 0-validity of x'^—y^ is the same as validity of \/y. 3x. x—y. Moreover, note that 
e(e)(7r) has access to the tt- value of y'' just as a raising function / for x in the raised (i.e. dually 
Skolemized) version /(y of Vy. 3x. x—y. 

Contrary to this, for R := V^x V^, the same formula x'^=y^ is not i?- valid in general because 
then the required irreflexivity of iSgO/? implies 5'e = 0, and e(a;^) (5^(1^7}) ,vr) = e(,x^)(0,7r) = 
e(a;^)(0) cannot depend on vrd/*) anymore. This means that (V^xV^)- validity of x^'=y^ is the 
same as validity of 3x. Vy. x—y. Moreover, note that e(e) (tt) has no access to the 7r-value of y^ 
just as a raising function c for x in the raised version c—y^ of 3x. Vy. x—y. 

For a more general example let G = { Ai^ . . . Ai^ni-i \ i^I }, where for i e 7 and j -< rii the 
Aij are formulas with free 7- variables from x and free (5-variables from y. Then (V^xV^) -validity 
of G means validity of 3a;. Vy. Vi e I. 3j -< rii. Aij; whereas 0-validity of G means validity of 

Vy. 3x. Mi el. 3j -<ni. Aij. 
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Besides the notion of validity we need the notion of reduction. Roughly speaking, a set Go of 
sequents reduces to a set Gi of sequents if validity of Gi implies validity of Go- This, however, is 

too weak for our purposes here because we are not only interested in validity but also in preserving 
the solutions for the free 7-variables: For inductive theorem proving, answer computation, and 
constraint solving it becomes important that the solutions of Gi are also solutions of Gq. 

Definition 4.4 (Reduction) 

Go R-reduces to Gi in A if for all existential {A, i?) -valuations e: 

if Gi is (e, ^) -valid then Go is (e, ^) -valid, too. 



Lemma 4.5 (Reduction) 

Let R, R' be variable-conditions; A a Ti-structure; Go, Gi, G2, and G3 sets of sequents. Now: 

1. (Validity) 

If Go R-reduces to Gi in A and Gi is R-valid in A, 
then Go is R-valid in A, too. 

2. (Reflexivity) 

In case of GqCGi: Go R-reduces to Gi in A. 

3. (Transitivity) 

IfGo R-reduces to Gi in A and Gi R-reduces to G2 in A, 
then Go R-reduces to G2 in A. 

4. (Additivity) 

IfGo R-reduces to G2 in A and Gi R-reduces to G3 in A, 
then GoUGi R-reduces to G2UG3 in A. 

5. (Monotonicity in R) 

In case of RC.R': IfGo R-reduces to Gi in A, then Go R' -reduces to Gi in A. 

6. (Instantiation) 

For an existential R-substitution a, and R! the a -update of R: 

(a) IfG{)(j is R' -valid in A, then Gq is R-valid in A. 

(b) IfGo R-reduces to Gi in A, then Gocr R! -reduces to Gia in A. 
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Now we are going to abstractly describe deductive sequent and tableau calculi. We will later 
show that the usual deductive first-order calculi are instances of our abstract calculi. The benefit 

of the abstract version is that every instance is automatically sound. Due to the small number of 
inference rules in deductive first-order calculi and the locality of soundness, this abstract version 
is not really necessary. For inductive calculi, however, due to a bigger number of inference rules 
(which usually have to be improved now and then) and the globality of soundness, such an abstract 
version is very helpful, cf. Wirth & Becker (1995), Wirth(1997). 

Definition 4.6 (Proof Forest) 

A (deductive) proof forest in a sequent (or else: tableau) calculus is a pair {F, R) where i? is a 
variable-condition and F is a set of pairs {F, t), where F is a sequent and t is a tree*^ whose nodes 
are labeled with sequents (or else: formulas). 

Note that the tree t is intended to represent a proof attempt for F. The nodes of t are labeled with 

formulas in case of a tableau calculus and with sequents in case of a sequent calculus. While the 
sequents at the nodes of a tree in a sequent calculus stand for themselves, in a tableau calculus all 
the ancestors have to be included to make up a sequent and, moreover, the formulas at the labels 
are in negated form: 

Definition 4.7 (Goals(), AX, Closedness) 

'Goals(T)' denotes the set of sequents labeling the leaves of the trees in the set T (or else: the set 
of sequents resulting from listing the conjugates of the formulas labeling a branch from a leaf to 
the root in a tree in T). 

In what follows, we assume AX to be some set of axioms. By this we mean that AX is V^x V^- 
valid. (Cf. the last sentence in Definition 4.1.) 

The tree t is closed if Goals ({i}) C AX. 

The readers may ask themselves why we consider a proof forest instead of a single proof tree 
only. The possibility to have an empty proof forest provides a nicer starting point. Besides that, 
if we have trees (F, t), (F', t') G F we can apply F as a lemma in the tree t' of F' , provided 
that the lemma application relation is acyclic. For deductive theorem proving the availability of 
lemma application is not really necessary. For inductive theorem proving, however, lemma and 
induction hypothesis application of this form becomes necessary. 

Definition 4.8 (Invariant Condition) 

The invariant condition on (F, R) is that {F} i?-reduces to Goals({i}) for all (F, t) e F. 
Tlieorem 4.9 

Let the proof forest (F, R) satisfy the above invariant condition. Let (F, t) e F. 
If t is closed, then F is R-valid. 
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Theorem 4.10 

The above invariant condition is always satisfied when we start with an empty proof forest 
{F, R) :— (0, 0) and then iterate only the following kinds of modifications of {F, R) ( resulting in 
{F', R')): 

Hypothesizing: Let R! be a variable-condition with RCR'. Let F be a sequent. Let t be the 
tree with a single node only, which is labeled with F (or else: with a single branch only, 
such that F is the list of the conjugates of the formulas labeling the branch from the leaf to 
the root). Then we may set F' :— F \J {{F, t)}. 

Expansion: Let {F, t) e F. Let R' be a variable-condition with RC.R'. Let I be a leaf in t. Let 
A be the label of I (or else: result from listing the conjugates of the formulas labeling the 
branch from I to the root of t). Let G be a finite set of sequents. Now if {A} R' -reduces 
to G (or else: { AA \ AeG}), then we may set F' := (F\{(r, t)}) U {{F, t')} where t' 
results from t by adding to the former leaf I, exactly for each sequent A in G, a new child 
node labeled with A (or else: a new child branch such that A is the list of the conjugates of 
the formulas labeling the branch from the leaf to the new child node of I). 

Instantiation: Let a be an existential R-substitution. Let R! be the a -update of R. Then we may 
set F' := Fa. 



While Hypothesizing and Instantiation steps are self-explanatory, Expansion steps are parameter- 
ized by a sequent A and a set of sequents G such that {A} i?'-reduces to G. For tableau calculi, 
however, this set of sequents must actually have the form { A A \ AeG} because an Expansion 
step cannot remove formulas from ancestor nodes. This is because these formulas are also part of 
the goals associated with other leaves in the proof tree. Therefore, although tableau calculi may 
save repetition of formulas, sequent calculi have substantial advantages: Rewriting of formulas in 
place is always possible, and we can remove formulas that are redundant w.r.t. the other formulas 
in a sequent. But this is not our subject here. For the below examples of a-, (3-, 7-, and 5-rules 
we will use the sequent calculi presentation because it is a little more explicit. When we write 

ilo ■ ■ ■ iIn-1 

we want to denote a sub-rule of the Expansion rule which is given by G := {i7o, . . . , i7„_i} 
and R' := RU R". This means that for this rule really being a sub-rule of the Expansion rule 
we have to show that {A} /?' -reduces to G. By Lemma 4.5(5) and because R does not matter 
here, it suffices that we actually show that {A} i?"-reduces to G. Moreover, note that in old times 
when trees grew upwards, Gerhard Gentzen would have written ilo ■ ■ ■ ^n-i above the line 
and A below, such that passing the line meant implication. In our case, passing the line means 
reduction. 
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Let ^ and S be formulas, T and il sequents, x e Y^ound, x"' eV^\ V^{A, rU), ^ and e V, \ 
a-rules: 



/3-rules: 



7-rules: 



5-rules: 



r (AyB) n 
A B r n 

r ^{AhB) n 

'A ^ r n 

r ^^A n 
A r n 

r {aab) n 










A 


r n 


B r n 




r - 


^{AyB) n 


'A 


r n 


'B' r n 




r 


3x:A n 



A{x^x'<} r 3x:An 

r -^yx-.A n 



A{x^x-<} r ^Vx:A n 

r \/x:A n 












A{x^x'} r n ' > ^ ^ 

r ^3x:A n 

^ VAA, rn) X {x'] 

A{x^x'} r n 



Theorem 4.11 

The above examples of a-, j3-, 7-, and S-rules are all sub-rules of the Expansion rule of the 
sequent calculus of Theorem 4.10. 



5 The Strong Version 
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The additional solutions (or existential substitutions) of the strong version (which admit additional 
proofs compared to the weak version) do not add much difficulty when one is interested in validity 
only, cf. e.g. Hahnle & Schmitt(1994). When also the preservation of solutions is required, 
however, the additional substitutions pose some problems because the new solutions may tear 
some free (5-variables out of their contexts: 

Example 5.1 (Reduction & Liberalized 5-Steps) 

In Example 1.2 a liberalized 5-step reduced 

P(a;-), V|/. -P(|/) 

to 

P(x-), -P(y^) 

with empty variable-condition R:— 

The latter sequent is (e, ^)-valid for the strong existential {A, -R)-valuation e given by 

e{x'<){n) n{y'). 

The former sequent, however, is not (e, ^)-valid when P'^(a) is true and P'^(&) is false for some 
a, b from the universe of A. To see this, take some tt with 7r{y^) h. 



How can we solve the problem exhibited in Example 5.1? I.e. how can we change the notion of 
reduction such that the liberalized 5-step becomes a reduction step? 

1. The approach we tried first was to allow a slight modification of e to e' such that 
e'{x'^){'K) — a. This trial finally failed because it was not possible to preserve reduction 
under Instantiation-steps. 

E.g., an Instantiation- step with the strong existential i?-substitution {x'^i— transforms 
the reduction of Example 5.1 into the reduction of 

P(y^), Vy.-P(y) 

to 

P(y^), -P(yO. 

Taking tt, e, and A as in Example 5.1, the new latter sequent is still (e, ^)-valid. There is, 
however, no modification e' of e such that the new former sequent is (tt, e', ^)-valid. 

Thus, with this approach, reduction could not be preserved by Instantiation-steps. 

Moreover, the modification of e does not go together well with our requirement of preser- 
vation of solutions. 
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2. Learning from this, the second approach we tried was to allow a slight modification of tt 
instead. E.g., for the reduction step of Example 5.1, we would require the existence of 

some r] G {y''} — > A such that the former sequent is (v^\{y^} ,vrl±l?7, e, ^)-valid instead of 
(tt, e, ^)- valid. Choosing i] := {y^\-^a} would solve the problem of Example 5.1 then: 
Indeed, the former sequent is {y^\^ysy ^n^rj, e, v4.)-valid because for the e of Example 5.1 

we have e(x^)(v,\{3,*},7rWr/) = {y^\{ysy ,7r\Sri){y') = a. 

Moreover, with this approach, reduction is preserved under Instantiation-steps. 

The problems with this approach arise, however, when one asks whether there has to be a 
single rj for all tt or, for each tt, a different rj. 

If we require a single rj, we cannot model liberalized 5-steps where another free (5-variable, 
say z\ occurs in the principal formula, as, e.g., in the reduction of 

to 

z^^x'', z^^y^ 

with empty variable-condition. In this case, for the e of Example 5.1 (which gives 
the value of y*) the i] E {y^} A must change when the vr-value of z'' changes: E.g., 
for vr := {y^t-^a, z^t-^b} we need r]{y") := b, while for vr := {y^t-^b, z^t-^a} we need 
r]{y^) := a. Indeed, in the reduction above, is functionally dependent on z\ 

If, on the other hand, we admit a different rj for each tt, the transitivity of reduction (cf. 
Lemma 4.5(3)) gets lost. 

Thus, the only solution can be that rj depends on some values of tt and not on others. Since 
the abstract treatment of this gets very ugly and does not extract much information on the 
solution of free 7-variables of the original theorem from a completed proof, we prefer to 
remember what role the free ^-variables introduced by liberalized 5-steps really play. And 
this is what the following definition is about. 



Definition 5.2 (Choice-Condition, Extension) 

C is a {R, <) -choice-condition if C is a (possibly) partial function from into the set of 
formulas, i? is a variable-condition, < is a wellfounded ordering on with {Ro <) C i?, and, 
for all y^ e dom(C): 

z' < y' for all z' e Vs{C{y'))\{y'} 

and 

u-'Ry' forallW eV^{C{y')). 

(C, R', <') is an extension of (C, R, <) if CCC, RCR', and C is a {R', <')-choice- 
condition. 

Note that is a (i?, 0) -choice-condition for any variable-condition R. For the meaning of choice- 
conditions cf. Definition 5.6. 
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Definition 5.3 (Extended Strong cr -Update) 

Let C be a (7?, <) -choice-condition and a a strong existential i?-substitution. 

The extended strong a-update (C, i?', <') of (C, R, <) is given by 

C := { {x, Ba) I {x, B)eC}, 
R' is the strong a-update of R, 
<' := < o {UaoR)* U {U^oRy. 

Lemma 5.4 (Theorem 62 in Doornbos &al. (1997)) 

If A and B are two terminating relations with AoB C. A \J Bo[A[J B)* , 
then AU B is terminating, too. 

Lemma 5.5 (Extended Strong a-Update) 

Let C be a {R, <) -choice-condition, a a strong existential R-substitution, and {C',R', <') the 
extended strong a-update of{C, R, <). Now: C is a {R', <')-choice-condition. 

Definition 5.6 (Compatibility) 

Let C be a (R, <) -choice-condition, A a S-structure, and e a strong existential (A, i?) -valuation. 
We say that tt is (e, A)-compatible with C if tt e — >^ .4 and for each e dom(C): 

If C{y^) is (tt, e, ^)-valid, 

then C{y^) is {ws\{yS}.T^ W ^, e, ^)-valid for all r] e {y^} A. 

Note that (e, ^) -compatibility of vr with {{y\ B)} means that a different choice for the vr-value 
of y^ does not destroy the validity of the formula B m A'S e(e)(7r) l±) tt, or that 7r(y'') is chosen 
such that B becomes invalid if such a choice is possible, which is closely related to Hilbert's 
£-operator (y" — ey. {-'B{y"h^y}) ). 



We are now going to proceed like in the previous section, but using the strong versions instead of 
the weak ones. 

Definition 5.7 (Strong Validity) 

Let C be a {R, <) -choice-condition, A a S-structure, and G a set of sequents. 

G is C -strongly R-valid in A if there is a strong existential {A, i?) -valuation e such that G is 

C-strongly (e, .4.)- valid. 

G is C-strongly (e, A)-valid if G is (tt, e, ^)-valid for each tt that is (e, ^)-compatible with C. 
The rest is given by Definition 4.1. 

Lemma 5.8 (Anti-Monotonicity in R and Monotonicity in C) 

Let G be a set of sequents, C a {R, <)-choice-condition, and C' a {R', <') -choice-condition with 

RCR' and C'CC. Now: 

IfG is C' -strongly R' -valid in A, then G is C-strongly R-valid in A. 
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Example 5.9 (Strong Validity) 

Note that 0-validity does not differ from 0-strong 0- validity and that V^xy,- validity does not 
differ from 0-strong V^xV^- validity. This is because the notions of weak and strong existential 
valuations do not differ in these cases. Therefore, Example 4.3 is also an example for strong 
validity. 

Although 0-strong i?- validity always implies (weak) i?-validity (because each strong existen- 
tial {A, /2)-valuation is a (weak) existential (A. /?)-valuation), for R not being one of the ex- 
tremes and y^xYg, (weak) i?- validity and 0-strong i?- validity differ from each other. E.g. the 
sequent (*) in Example 1.3 is (weakly) i?- valid but not 0-strongly i?-valid for the R of (#): 
For Se :— {{y\u'^), {v\x'')} we get S^oR = {{y\v^), {v\y^)}, which is irreflexive. 
Since the sequent (*) is (e, ^)-valid for the (weak) existential i?)- valuation e given by 
e{x''){se{{x'y}) .T^) = 7r(f*) and e{u'')(s,,({u-f}} .t^) = T^iv^), the sequent (*) is (weakly) i?-valid 
in A. But {SgoR}^ is not irreflexive, so that this e is no strong existential {A, -R) -valuation, 
which means that the sequent (*) cannot be 0-strongly i?-valid in general. 

For nonempty C, however, we must admit that C-strong i?- validity is hard to understand. 
We have to make sure that C-strong i?- validity can be easily understood in terms of 0-strong 
i?'-validity for some R', which again implies (weak) i?' -validity and 0-validity. Note that this 
difficulty did not arise in the weak version because Lemma 4.2 states anti-monotonicity of (weak) 
-R- validity in R, whereas Lemma 5.8 states anti-monotonicity of C-strong /^-validity in R but 
only monotonicity of C-strong i?-validity in C. 



Lemma 5.10 (Compatibility and Validity) 

Let A be a Ti-structure, C a {R, <)-choice-condition, and e a strong existential {A, R)- 
valuation. 

Define < := (5'e U i? U <)+. 

1. < is a wellfounded ordering on Vf^^- 

2. There is a function ^ : ( (V5\dom(C)) —>■ A ) —>■ [ dom(C) A ) such that, 
for all TT, tt' e (V5\dom(C)) A, tt ttl is (e, A)-compatible with C, and, 
forx e dom(C), <({x}),7r = <{{x}) ^ implies ^^{x) = i^>{x). 

3. Let G be a set of sequents and <^ G (H(C) fl dom(C)) (Vy\V^(C)) be injective. 

(a) IfG is C-strongly (e, A)-valid, then G<, is ^-strongly R' -valid in A 

for R' v,van(.),i? U |J {y} x {{q-\y)])< U V, x dom(C), 

J/Gran(<j) 

where < is the reflexive ordering on of <l. 

(b) IfGis C-strongly R-valid in A, then Gq is 0-strongly v^\ran(<;) , R-valid in A and even 
0-strongly R" -valid in A 

for R" := v,van(,),^ U (J M X ({r'(y)})< U V, x dom(C). 

2/eran(g) 
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Definition 5.11 (Strong Reduction) 

Let C be a {R, <) -choice-condition, A a E-structure, and Go, Gi sets of sequents. 

Go strongly (i?, C)-reduces to Gi in A if for each strong existential [A, -R)-valuation e and each 
TT that is (e, ^) -compatible with C: 

if Gi is (tt, e, vA)-valid, then Gq is (tt, e, w4)-valid. 
Lemma 5.12 (Strong Reduction) 

Let C be a {R, <)-choice-condition; A a 'E-structure; Gq, Gi, G2, and G3 sets of sequents. Now: 

1. (Validity) 

Assume that Gq strongly {R, C) -reduces to Gi in A. Now: 

IfGi is G-strongly (e, A)-validfor some strong existential R)-valuation e, 
then Gq is G-strongly (e, A)-valid. 

IfGi is G-strongly R-valid in A, then Gq is G-strongly R-valid in A. 

2. (Reflexivity) 

In case of GqQGi: Gq strongly {R, G)-reduces to Gi in A. 

3. (Transitivity) 

If Go strongly {R, G)-reduces to Gi in A and Gi strongly {R, G)-reduces to G2 in A, 
then Go strongly {R, G)-reduces to G2 in A. 

4. (Additivity) 

If Go strongly {R, G)-reduces to G2 in A and Gi strongly {R, G)-reduces to G3 in A, 
then GqUGi strongly {R, G)-reduces to G2UG3 in A. 

5. (Monotonicity) 

For {G', R', <') being an extension of {C, R, <): 

If Go strongly {R, G)-reduces to Gi in A, then Go strongly {R', G')-reduces to Gi in A. 

6. (Instantiation) 

For a strong existential R-substitution a, and the extended strong a-update (C, R', <') 
of{G,R, <); 

(a) IfGocr is G'-strongly R'-valid in A, then Go is G-strongly R-valid in A. 

(b) If Go strongly {R, G)-reduces to Gi in A, 

then Goa strongly {R', G')-reduces to Gia in A. 
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Now we are going to abstractly describe deductive sequent and tableau calculi. We will later 
show that the usual deductive first-order calculi are instances of our abstract calculi. 

Definition 5.13 (Strong Proof Forest) 

A strong ( deductive) proof forest in a sequent (or else: tableau) calculus is a quadruple (F, C, R, < 
) where C is a {R, <) -choice-condition and F is a set of pairs (r, t), where T is a sequent and t 
is a tree whose nodes are labeled with sequents (or else: formulas). 

The notions of Goals(), AX, and closedness of Definition4.7 are not changed. Note, however, 
that the VyXVr validity of AX immediately implies the 0-strong V^xV^- validity of AX, which 
(by Lemma 5.8) is the logically strongest kind of C-strong i?- validity. 

Definition 5.14 (Strong Invariant Condition) 

The strong invariant condition on (F, C, R, <) is that {F} strongly {R, C)-reduces to Goals({i}) 
for all (r, t) e F. 

Theorem 5.15 

Let the strong proof forest {F, C,R,<) satisfy the above strong invariant condition. Let {F, t) e F 
and t be closed. Now: 

F is C-strongly R-valid and, for any injective ? e (H(F) fl dom(C)) — > (V\Uj{F)), 
Fq is ^-strongly y^\rs.n{q) , R-valid and even ^-strongly R' -valid for 

R' v,\ran(.),i? U |J M X ({^-^(2/)})< U V, X dom(C). 

j/eran(<;) 



Theorem 5.16 

The above strong invariant condition is always satisfied when we start with an empty strong proof 
forest (F, C, R, <) := (0, 0, 0, 0) and then iterate only the following kinds of modifications of 
(F, C, i?, <) (resulting in (F', C", R\ <') ): 

Hypothesizing: Let R' := RUR" be a variable -condition with {R"o<) C R'. Set C := C and 
<' := <. Let F be a sequent. Let t be the tree with a single node only, which is labeled with 
F (or else: with a single branch only, such that F is the list of the conjugates of the formulas 
labeling the branch from the leaf to the root). Then we may set F' := F U {(F, t)}. 

Expansion: Let [C, R', <') be an extension of (C, R, <). Let (F, t) E F. Let I be a leaf in t. 
Let A be the label of I (or else: result from listing the conjugates of the formulas labeling 
the branch from I to the root of t). Let G be a finite set of sequents. Now if {A} strongly 

{R', C')-reduces to G (or else: {AA\ AeG]), then we may set F' := (F\{(F, t)}) U 
{(F, t')} where t' results from t by adding to the former leaf I, exactly for each sequent A 
in G, a new child node labeled with A (or else: a new child branch such that A is the list of 
the conjugates of the formulas labeling the branch from the leaf to the new child node of I). 

Instantiation: Let a be a strong existential R-substitution. Let (C, R\ <') be the extended 
strong a-update of (C, R, <). Then we may set F' := Fa. 



23 



While Hypothesizing and Instantiation steps are self-explanatory, Expansion steps are parame- 
terized by a sequent A and a set of sequents G such that {A\ strongly [R' , C")-reduces to G for 
some extension (C, i?', <') of (C, R, <). For the below examples of a-, (3-, 7-, and 5-rules we 
will use the sequent calculi presentation because it is a little more explicit. When we write 

A 

R" 

Uq ... iln-l 

we want to denote a sub-rule of the Expansion rule which is given by G :— {ilo, . . . , iln-i}, 
C := CU C", R' -.^ RU R", and <' := < U <". This means that for this rule really being 
a sub-rule of the Expansion rule we have to show that C is a {R', <') -choice-condition and that 
{A} strongly {R', C")-reduces to G. 

Let A and S be formulas, F and il sequents, x e Vbou^d, eY^\ V^{A, m), ^ and e \ 
( Vs{A, rn) U dom(<) U dom(C) ). 

a-rules: 

r {AyB) n 



/9-rules: 



A B r n 

r ^(AAg) n 
1 ^ r n 

r ^^A n 
A r n 

r (AAB) n 
















7-rules: 



A 


r n 


B r n 




r - 


.(Avs) n 


~A 


r n 


'B' r n 




r 


3x:A n 



A{xt-^x''} r 3x:A n ^ 

r -^.r:A n 


















Aix^x-*} r ^VxrA n 
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Liberalized (5-rules: 

r Mx-.A n 
A{x^x'} r n 



r n { {x\ A{x^x'} ) } 

P ^ U R{VIA))) X {x^} 



(V,(A) U R{Vs{A))) X M 
<(ViA)) X {x'} 



Theorem 5.17 

The above examples of a-, (3-, 7-, and liberalized 5-rules are all sub-rules of the Expansion rule 
of the sequent calculus of Theorem 5. 16. 



The following example shows that R" of the above liberalized 5-rule must indeed contain R{Vs{A))x 
Example 5.18 

3y. \fx. ( -^Q{x,y) V V^. Q{x,z) ) 

is not deductively valid (to wit, let Q be the identity relation on a non-trivial universe). 
7-step: 

Vx. ( ^Q{x, y-<) V Vz. Q(x, z) ) 

Liberalized 5-step: 

( ^Q{x\y-^) V V^. Q{x\z) ) 

with choice-condition [x^, (-iQ(a;'', y'') V ^z. Q{x^, z))) and variable-condition (y^, x^). 
a-step: 

-Q«r), ^z. Q{x\z) 

Liberalized (5-step: 

-^Q{x\y), Q{x\z') 

with additional choice-condition [z^, Q{x^, z^)) and additional variable-condition [y"', z^). 

Note that the additional variable-condition arises although y'^ does not appear in Q(a:*, z). 
The reason for the additional variable-condition is y^ Rx^ E Vs{Q{x\ z)). 

The variable-condition {y'', z^) is, however, essential for soundness, because without it we 
could complete the proof attempt by application of the strong existential {(y^, x'')}-substitution 

a- {|/^^^^} W v,\{2/^},id. 
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Another interesting point is that now that we have achieved our goal of UberaUzing our 5-rule and 
strictly increasing our proving possibilities, we must not use our original non-liberalized 5-rule of 
§ 4 anymore. This sounds quite strange on the first view, but is simply due to our changed notion 
of reduction. More precisely, 

r 'ix- A n ^ 
Weak 5-rule: — ' (V,(A, Til) U R{Vs{A, Til))) x {x'} 

A{x^x^i 11 <{v,{A,rn)) x{x'} 

does not describe a sub-rule of the Expansion rule of the sequent calculus of Theorem 5. 16. To 
see this, let us start with the empty proof tree (0, 0, 0, 0) and then hypothesize \/x. x—Q, which 
we abbreviate with F. Applying the above weak 5-rule we get x^=Q as the label of the only 
leaf in the tree t of the proof tree ((r, t), 0, 0, 0). But, while {r} does 0-reduce to {a;*=0} 
(i.e. Goals({t})), {F} does not strongly (0, 0)-reduce to {a;*=0}. To see this, consider some 
E-structure A with non-trivial universe, an arbitrary strong existential [A, 0) -valuation e, and 
some TT e ^ ^ with 7r(x*) = O"^. Then {x*=0} is (tt, e, ^)-valid, but {F} is not. If we 
had applied the liberalized 5-rule instead, we would have produced the proof tree {{F, t), C, 0, 0) 
with C = {{x\ x^=0)}. And, indeed, tt is not (e, ^)-compatible with C, and {F} does strongly 
(0, C)-reduce to {x'=0}. 

Note that there is a fundamental difference related to the occurrence of the universal quantifi- 
cation on TT between the notion of (weak) reduction 

. . . ( Vtt G (V, -> Gi (vr, e, y^l)-valid ) ^ ( Vtt e (V, ^ Go (tt, e, ^)-valid ) . . . 

and the notion of strong reduction 

...We{Ys^A)....{Gi{7i,e, ^)-valid Go (tt, e, .A)-valid ) . . . . 

This difference in the nature of reduction renders the weak version applicable in areas where the 
strong version is not. For this reason (and for the sake of stepwise presentation) we have included 
the weak version in this paper although the strong version will turn out to be superior in all aspects 
of the calculus of Theorem 5.17 treated in this paper. 

This fundamental difference in the nature of reduction cannot be removed: Suppose to weaken 

the notion of strong reduction in the following definition: Go quite-strongly {R, C)-reduces to Gi 
in A if for each strong existential {A, -R)-valuation e: if Gi is G-strongly (e, ^)-valid, then Go is 
G-strongly (e, ^)-valid. At first glance, this version seems to be very nice. One nice aspect is that 
quite-strong (i?, 0) -reduction is so similar to (weak) i?-reduction that we could omit the weak ver- 
sion because it would be very unlikely to find an application of the weak version where the strong 
version would not be applicable. Another nice aspect is that with quite-strong reduction we could 
easily adapt our intended version of inductive theorem proving as described in § 1 . 1 , which is not 
so easy with strong reduction because the induction hypotheses application becomes difficult. But 
for the (really essential!) monotonicity of reduction as given in Lemma 5. 12(5), quite-strong re- 
duction produces the following two additional requirements: dom(G'\G)n"H(Gi Uran(G)) = 
and V^{Gi) x dom(G'\G) C R'. While the first requirement is unproblematic, the second one 
restricts the 5-rule even more, which is the opposite of our intention behind the strong version, 
namely to liberalize the 5-rule. 
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Moreover, note that (as far as Theorem 5. 17 is concerned) the choice-conditions do not have any 
influence on our proofs and may be discarded. We could, however, use them for the following 
purposes: 

1. We could use the choice-conditions in order to weaken our requirements for our set of 

axioms AX: Instead of 0- strong VyX V^- validity of AX the weaker C-strong VyXV^- validity 
of AX is sufficient for Theorem 5. 15. 



2. If we add a functional behavior to a choice-condition C, i.e. if we require that for {x^, A) e 
C the value for is not just an arbitrary one from the set of values that make A invalid, 
but a unique element of this set given by some choice-function, then we can use the choice- 
conditions for simulating the behavior of the 5+ -rule of Beckert &al. (1993) by using the 
same free 5-variable for the same C-value and by later equating free 5-variables whose 
C- values become equal during the proof. 

3. Moreover, the choice-conditions may be used to get more interesting answers: 
Example 5.19 

Starting with the empty proof tree and hypothesizing 

Vx. Qix,x), 3y. ( -^Q{y,y) A^P{y) ), P{z'') 
with the above rules we can produce a proof tree with the leaves 

-^Qiy^y-^), Q{x\x'), 3y. ( ^Q{y,y) A ^P{y) ), P(^-) 

and 

-P(y-), Q{x\x'), 3y. ( -Q(y, y) A -P(y) ), P(^-) 
and the (0, 0) -choice-condition {{x\ Q{x\ x"))}. 

The strong existential 0-substitution {y''h^x\ z''i-^x^} l±l Y^\{y-/,zi} , id closes the proof 
tree via an Instantiation step. The answer x^ for our query variable z'^ is not very interesting 
unless we note that the choice-condition tells us to choose x^ in such a way that Q{x\ x^) 
becomes false. 

The rules of our weak version of § 4 are not only unable to provide any information on free 
5-variables, but also unable to prove the hypothesized sequent, because they can only show 

Vx. Q{x,x), 3y. ( ^Q{y,y)A^P{y) ), 3z. P{z) 

instead. 



Thus it is obvious that the calculus of Theorem 5. 17 is not only superior to the calculus of 
Theorem 4. 11 w.r.t. proving but also w.r.t. answer "computation". 
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Finally, note that (concerning the calculus of Theorem 5. 17) the ordering < is not needed at all 
when in the liberalized 5-steps we always choose a completely new free 5-variable that does 
not occur elsewhere and when in the Hypothesizing steps we guarantee that ran(i?") contains 
only new free 5- variables that have not occurred before. The former is reasonable anyhow, be- 
cause the free 5-variables introduced by previous liberalized 5-steps cannot be used because they 
are in dom(C) and the use of a free 5-variable from the input hypothesis deteriorates the result of 
our proof by giving this free 5-variable an existential meaning (because it puts it into dom(C)) as 
explained in Theorem 5. 15. The latter does not seem to be restrictive for any reasonable applica- 
tion. 



All in all, when interested in proving only, the (compared to the weak version) additional choice- 
condition and ordering of the strong version do not produce any overhead because they can simply 
be omitted. This is interesting because choice-conditions or Hilbert's e-expressions are some- 
times considered to make proofs quite complicated. When interested in answer "computation", 
however, they could turn out to be useful. 



W.r.t. the calculus of Theorem 5. 17 we thus may conclude that the strong version is generally 
better than the weak version and the only overhead seems to be that we have to compute transitive 
closures when checking whether a substitution a is really a strong existential i?-substitution and 
when computing the strong cr-update of R. But we actually do not have to compute the transitive 
closure at all, because the only essential thing is the circularity-check which can be done on a 
bipartite^ graph generating the transitive closures. This checking is in the worst case linear in 

1^1 + E( i^-i + i^-i ) 

cr 

and is expected to perform at least as well as an optimally integrated version (i.e. one without 
conversion of term-representation) of the linear unification algorithm of Paterson & Wegman 
(1978) in the standard framework of Skolemization and unification. Note, however, that the 
checking for strong existential i?-substitutions can also be implemented with any other unification 
algorithm. 

Not really computing the transitive closure enables another refinement that allows us to go 
even beyond the fascinating strong Skolemization of Nonnengart (1996). The basic idea of Nonnengart 
(1996) can be translated into our framework in the following simplified way. 

Instead of proving Vx: {AyB) it may be advantageous to prove the stronger \/x: A V \/x: B, 
because after applications of a- and liberalized 5-rules to Wx: A V Wx: B, resulting in 
A{x\-^x^^}, B{xi-^x''^}, the variable-conditions introduced for x\ and x'^ may be smaller than 
the variable-condition introduced for y'' after applying these rules to \/x: {A\/B), resulting in 
A{xi-^y'^}, B{xi-^y^}, i.e. i?({a;^}) and R{{x%}) may be proper subsets of Therefore 
the proof of Vx: A V Vx: B may be simpler than the proof of Vx: (AVB). The nice aspect of 
Nonnengart (1996) is that the proofs of Vx: A and Va;: (AVB) can be done in parallel with- 
out extra costs, such that the bigger variable-condition becomes active only if we decide that the 
smaller variable-condition is not enough to prove \/x: A and we had better prove the weaker 
yx:{AVB). 
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The disadvantage of the strong Skolemization approach of Nonnengart(1996), however, 
is that we have to decide whether to prove either Vx: A or else \/x:B in parallel to 

Vx: {AyB). In terms of Hilbert's e-operator, this asymmetry can be understood from the ar- 
gumentation of Nonnengart(1996), which, for some new variable z E Vtound and t denoting 
the term ez: {^A{xh^z} A (AV x=z)), employs the logical equivalence of Vx: {A\/B) with 
Vx: A V Vx: {B{xi-^t}) and then the logical equivalence of Vx: A with 3x: {A{xi-^t}). 

Now, if we do not really compute the transitive closures in our strong version, we 
can prove 74{xi— B{xi-^x%} in parallel and may later decide to prove the stronger 
A{xi-^y^}, B{xt-^y^} instead, simply by merging the nodes for and x% and substituting 

and x% with y\ 



6 Conclusion 



All in all, we have presented an easy to read combination of raising, explicit variable dependency 
representation, the liberalized 5-rule, and preservation of solutions for first-order deductive the- 
orem proving. Our motivation was not only to make these subjects more popular, but also to 
provide the foundation for our work on inductive theorem proving (cf. Wirth(1999)) where the 
preservation of solutions is indispensable. 

To our knowledge'" we have presented on the one hand the first sound combination of ex- 
plicit variable dependency representation and the liberalized 5-rule and on the other hand the first 
framework for preservation of solutions in full first-order logic. 

Finally, the described problems with the development of the strong version reveal unexpected 
details on the nature of the liberalized 5-rule, and the discussion at the end of § 5 opens up several 
new research directions. 
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7 The Proofs 

Proof of Lemma 3.6 

(1) : Since e' is a [strong] existential {A, -R') -valuation, Se'oR' [ o (Se'oR')*] is irreflexive [and 
a wellfounded ordering]. Since RCR\ we have Se'oR [ o (Se'oR)*] C Se'oR' [ o {Se'oR')*]. 
Thus Se'oR [ o (5*6' oi?)*] is irreflexive [and a wellfounded ordering], too. Therefore, setting 
e := e', we get a [strong] existential {A, i?)-valuation trivially satisfying the requirements. 

(2) : Here we denote concatenation (product) of relations 'o' simply by juxtaposition and assume 
it to have higher priority than any other binary operator. Let e' be some [strong] existential 
{A, -R') -valuation. Define Se :— Se'E^ U and the [strong] existential {A, i?) -valuation e by 

{xeY„T:'eS,{{x})^Ay. 

e(x)(7r') := eval(^ ttl e(e')(7r) W 7r)((7(x)) 

where tt e — > ^ is an arbitrary extension of tt'. For this definition to be okay, we have to prove 

the following claims: 

Claim 1: For y E Vs{o-{x)), the choice of tt D tt' does not influence the value of 7r(y). 

Claim 2: For x' G V^(cr(a;)), the choice of tt ^ tt' does not influence the value of e(e')(7r)(a;'). 

Claim 3: For the weak version we have to show that SeR is irreflexive. 

Claim 4: For the strong version we have to show that (SgR)'^ is a wellfounded ordering. 

Proof of Claim 1 : y EVs{a{x)) means {y,x)eUcr. By definition of -Sg we have {y,x)ESe, i.e. 

y e S^{{x}) = dom(7r'). Q.e.d. (Claim 1) 

Proof of Claim 2: x' EV^{a{x)) means [x' ,x) eE„. Thus by definition of Se we have 

Se'{{x\x)} C Se, i.e. Se'{{x'}) C Se{{x}) = dom(7r'). Therefore e(e')(7r)(a;') = 

e'(^')(se' ({*'}> = ^'i^')is,,{{x'}) y)- Q.e.d. (Claim 2) 

Proof of Claim 3: Since SeR = Se'E^R U U„R and U^jR is irreflexive (as a is an existential 
/^-substitution), it suffices to show irreflexivity of Se'E^R. Since R' is the cr-update of R, this is 
equal to Se'R', which is irreflexive because e' is an existential {A, i?') -valuation. 

Q.e.d. (Claim 3) 

Proof of Claim 4: Since cr is a strong existential it!-substitution, (Ua-R)'^ is a wellfounded or- 
dering. Thus, if (SeR)^ = {Se'E^RUU^RY = {U^RY U {U„R)\Se'E^R{UaR)y 
is not a wellfounded ordering, there must be an infinite descending sequence of the 
form y2i+2 (U^R)* y2^+l {Se'E„R{U„R)y y^i for aU i G N. But then 
l/2i+3 {Se'E„R{U„R)*Y |/2i+2 {UfjR)* i/2i+i, which contradicts the wellfoundedness of 
{Se'E^R{U^R)y{U^Ry = {Se'E^R{U^R)y = {Se'RT, where the latter step is due to R' 
being the strong cr-update of R. The latter relation is a wellfounded ordering, however, because 
e' is a strong existential i?')- valuation. Q.e.d. (Claim 4) 

Now, for n eVs-^ A and x eV^ we have 

e(e)(7r)(a;) = e{x){s4{^}) .tt) = eval(.A W e(e')(7r) W 7r)(a(a;)) 
i.e. e(e)(7r) = a o eval(.A i±) e(e')(7r) i±i tt). Q.e.d. (Lemma 3.6) 



Proof of Lemma 4.2 

This a trivial consequence of Lemma 3.6(1). 



Q.e.d. (Lemma 4.2) 
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Proof of Lemma 4.5 (1), (2), (3), and (4) are trivial. Note that (5) is a trivial consequence of 
Lemma 3.6(1). 

(6a): Suppose that Gqg is i?'-valid in A. Then there is some existential {A, -R') -valuation e' such 
that G^a is (e', ^)-valid. Then, by Lemma 3.6(2), there is some existential i?) -valuation e 
such that for all vr G V,, ^ ^: e(e)(7r) = a o eval(^ l±) e(e')(7r) l±) tt). Moreover, for y e we 
have: 7r(y) = eval(.A W e(e')(7r) l±) 7r)(i/), 

i.e. e(e)(7r) tb) tt = (aWy,,id) o eval(.A W e(e')(7r) Wtt). 

Thus, for any formula B, we have 

eval(^tb)e(e)(7r) W7r)(5) = 
eval(^ttl ((aW v«,id) o eval(^ l±) e(e')(7r) l±) 7r)))(5) = 
eval(.A tb) e(e')(7r) tb) 7i){Ba), 

the latter step being due to the Substitution-Lemma. 

Thus, for any set of sequents G': 

(e, ^)-validity of G' is logically equivalent to (e', ^)-validity of G'a . (:§) 
Especially, Go is (e, ^)-valid. Thus, Go is i?-valid in A. 

(6b): Let e' be some existential [A, i?') -valuation and suppose that Gia is (e', .4)-valid. Let e be 
the existential [A, -R)-valuation given by Lemma 3.6(2). Then, by (§) in the proof of (6a), Gi is 
(e, ^)-valid. By assumption, Gq it!-reduces to Gi. Thus, Go is (e, ^)-valid. By (§) in the proof 
of (6a), this means that Gqct is (e', ^)-valid. Q.e.d. (Lemma 4.5) 

Proof of Theorem 4.9 

Since AX is V^xYs-valid, t is closed, and R C V^x V^, by Lemma4.5(5), Goals({t}) is /?-valid. 
Since (-T, t) E F and (F, R) satisfies the invariant condition, {F} i?-reduces to Goals({t}). All 
in all, by Lemma 4.5( 1 ), T is i?- valid. Q.e.d. (Theorem 4.9) 

Proof of Theorem 4.10 

(0, 0) trivially satisfies the invariant condition. For the iteration steps, let {F", t") e F'. Assuming 
the invariant condition for (F, R), we have to show that {F"} i?' -reduces to Goals({i"}). 

Hypothesizing: In case of {F" ,t") e F, {F"} i?-reduces to Goals({t"}) by assumption, and 
then, due to RCR' and Lemma4.5(5), {F"} i?'-reduces to Goals({t"}). Otherwise we have 
{F",t") = {F,t). Then {F"} = {F} = Goals(0}) = Goals({f'}). Thus, by Lemma 4.5(2), 
{F"} i?'-reduces to Goals({t"}). 

Expansion: In case of {F", t") G F, {F"} /^-reduces to Goals({t"}) by assumption, and then, due 
to R(ZR' and Lemma4.5(5), {F"} i?'-reduces to Goals({t"}). Otherwise we have (F", t") = 
(F,t')- Since Goals({t})\{Z\} C Goals({t'}), by Lemma4.5(2), Goals({t})\{Z\} i?'-reduces 
to Goals({i'}). Thus, since by assumption {A\ i?' -reduces to a subset of Goals({i'}), by Lem- 
ma4.5(4) Goals({t}) F' -reduces to Goals({t'}). Moreover, due to (F, t)GF, by assump- 
tion {F} F-reduces to Goals({t}). Thus, by RCR' and Lemma4.5(5), {F} F' -reduces to 
Goals({t}). Thus, since Goals({t}) F' -reduces to Goals({t'}), by Lemma 4.5(3) {F} F'-reduces 
to Goals({t'}), i.e. {F"} F'-reduces to Goals({t"}). 

Instantiation: There is some (F, t) G F such that {F,t)a = {F",t"). By assumption, {F} 
F-reduces to Goals({i}). By Lemma4.5(6), {Fa} F'-reduces to Goals({i})(7, i.e. {F"} F'- 
reduces to Goals({i"}) . Q.e.d. (Theorem 4.10) 
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Proof of Theorem 4.11 

Let ^ be an arbitrary E-structure (S-algebra). We only prove the first example of each kind of 
rule to be a sub-rule of the Expansion rule and leave the rest as an exercise. 

g-rule: We have to show that {r (AwB) 11} 0-reduces to {A B T 11} in A. This is 
trivial, however, because (e, ^) -validity of the two sets is logically equivalent for each existential 
{A, 0) -valuation e. 

/?-rule: We have to show that {r (AaB) 77} 0-reduces to {A T B, B B B} in A. This is 
trivial, however, because (e, ^) -validity of the two sets is logically equivalent for each existential 
{A, 0) -valuation e. 

7-rule: We have to show that {B 3x: A B} 0-reduces to {A{xi-^x^} B 3x: A B} in A. 
This is the case, however, because (e, .A) -validity of the two sets is logically equivalent for each 
existential {A, 0) -valuation e. The direction from left to right is given because the former sequent 
is a sub-sequent of the latter. The other direction, which is the only one we actually have to show 
here, is also clear because (tt, e, ^)-validity of A{x\-^x''} implies (tt, e, ^)-validity of 3x: A. 
Although this is clear, we should be a little more explicit here because the standard semantic 
definition of 3 (cf. e.g. Wirth (1997), p. 188) does not use free 7-variables and is somewhat more 
complicated than it could be in terms of free 7-variables. Moreover, in the note above the theorem 
we remarked that the restriction on not occurring in the former sequent is not really necessary. 
Thus, in order to be more explicit here, assume that the latter sequent is (e, ^)-valid for some 
existential (A, 0)-valuation e. Let tt e — * ^. We have to show that the former sequent is 
(tt, e, ^)-valid. If this is not the case, A{xi-^x'^} must be (tt, e, ^)-valid. Let |/* G Vs\^s{A). 
Then, since A{xi-^y^}{y^i-^x''} is equal to A{xi-^x'^}, we know that A{xi-^y^}{y^i-^x'^} is 
validin ^l+le(e)(7r)l±l7r. Then, by the Substitution-Lemma, A{xi-^y''} isvalidin ^l+le(e)(7r)l+)7r' 
for tt' G V<) —> ^ given by Yg\{yS}.7T' ■= Yg\{y6},'^ and 7r'{y'') := e(e)(7r)(,T^). By the standard 
semantic definition of 3 and since quantification on x cannot occur in A (as 3x: A is a formula in 
our restricted sense, cf. § 1.4), this means that 3a;:(/l{a;i— >a;}) is validin ^l±)e(e)(7r) Wtt. 
Since y^ does not occur in A, this formula is equal to 3x:A, which means that the former sequent 
is (tt, e, ^) -valid as was to be shown. 

5-mle: We have to show that {B Vx: A B} i?"-reduces to {A{xt-^x^} B B} in A for 
R" = V^{A,BB) X {x''}. Assume that the latter sequent is (e,.A)-valid for some existential 
/^''-valuation e. Let tt G ^ A. We have to show that the former sequent is (vr, e, ^)-valid. 
If some formula in BB is (tt, e, .A)-valid, then the former sequent is (tt, e, ^)-valid, too. Oth- 
erwise, BB is not only invalid in ^ l±l e{e){n) l±l tt, but also in A^ ^{^){'^) ^ for 
tt' G — > ^ with \f^\{x^y — Ys\{x^,'^^ simply because x^ does not occur in BB. Because of 
V.{BB) X {x^} C i?", we know that BB must be even invalid in ^ W e(e)(7r') W tt'. Since the 
latter sequent is assumed to be (e, ^)-valid, this means that A{x^x^} is (tt', e, ^)-valid. Because 
of V^{A{x^x^}) X {x^} = V^{A) X {x'} C R", we know that A{x\-^x^} must be even valid 
in ^ l±) e(e) (vr) l±) tt' for all tt' G — > ^ with y5\{a;''} , = VsMx'^} • standard semantic 

definition of V (cf. e.g. Wirth (1997), p. 188) and since quantification on x cannot occur in A (as 
\/x: A is a formula in our restricted sense, cf. § 1.4), this means that yx:{A{x\-^x''}{x^i-^x}) is 
valid in ^l+l e(e) (vr) l+l tt. Since x^ does not occur in A, this formula is equal to Vx: A, which means 
that the former sequent is (tt, e, .A)-valid as was to be shown. Q.e.d. (Theorem 4.11) 
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Proof of Lemma 5.4 

Since in Doombos &al. (1997) Theorem 62 and especially its proof (which is used to illustrate 
the application of the very special framework of that paper) are not easy to read, we give an 
easier proof here that requires fewer set theoretical preconditions and uses induction only on 
u. It proceeds by showing the existence of a refutational element in a nonempty set of infinite 
descending sequences. 

Set F := dom{A) U ran(A) U dom(5) U ran(5). We show that C := {t:N-^F\ 
\/i e N. ti (AUB) } is empty. Otherwise we can choose s G C and families (-Di)jgN ^^'^ 
{Ei)^^-^^ of subsets of F inductively in the following way: 

^0 := { ^0 I teC }. Choose Sq such that it is S-irreducible in Dq, i.e. such that Sq G Dq and 
there is no t' G -Dq such that sq B f! . 

For n G N^: D„ := { t„ | teC ^ ^i^n.ti = Si A s„_iAt„}. E^ := { t„ | 
i G C A yi -<n. ti = Si A Sn-i B tn}- If -En is nonempty we choose s„ from En. Otherwise, 
we choose s„ to be S -irreducible in 

Since s E C and A is terminating, there is some minimal n G Nwith s„Ss„_|_i. We have n^O, 
because otherwise sq B si G Dq contradicts the choice of sq- Thus, {A\B) s„ B Sn+i- 
Since s„ i {A\B) s„, we know that s„ was chosen not from E^, but S-irreducible in Due 
to AoB C A Li Bo(AL) B)* we get two possible cases now. 

A Sn+i'- Then sq . . . .s„_is„+is„+2 • • • is an element of C. Thus, s^+i G Dn- Due to 
Sn B Sn+1, this contradicts s„ being 5-irreducible in Dn. 

Sn-i {Bo(^A U B)*) Sn+i'- Then there are some m G N and some 

So... Sn-iuo ■ . . UmSn+2Sn+3 ... in C with Sn-1 B uq and Um = Sn+1 • Thus, Mo G En, i.e. En 
is not empty. But this contradicts the fact that Sn was not chosen from En- Q.e.d. (Lemma 5.4) 



Proof of Lemma 5.5 

Here we denote concatenation (product) of relations 'o' simply by juxtaposition and assume it to 
have higher priority than any other binary operator. 

Claim 1: R'<' C R' . 

Proof of Claim 1 : Since C is a (i?, <) -choice-condition, we have R< C R. Thus, 

R'<' = E,R{U„RY{<{U,Ry U iU^RY) = E„{RU^y R<{U,Ry U E,R{U,Ry{U,RY C 
E„{RU^y R{U^Ry U E^RiU^Rylu^RY = E„R(U„Ry(U„Ry U E„R{U„Ry = 
E„R{U„Ry = R'. Q.e.d. (Claim 1) 
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Claim 2: <' is a wellfounded ordering on V^. 

Proof of Claim 2: Since C is a (i?, <) -choice-condition, we know that < is a wellfounded order- 
ing on and R< C R. 

Thus U^R< C f/^i?, 

([/,i?) + < = {UaR)*UaR< C {U^Ryu^R = (U,R)\ 
and <{U„Ry< = « U <(C/^i?)+< C < U <{U„RY = KiU^Rf . 

Since cr is a strong existential i?-substitution, we know that {U^RY is a is a wellfounded ordering 
on V^. By Lemma5.4 (setting A := and B := {U^R)~^) by the first of the above contain- 
ments, we know that <''^U{UaRy^ is terminating, which (due to <' = <([/^i?)* U (?7^/?)+ ) 
means that >' is terminating, too. Finally <' is also transitive, since by the above containments: 



<{u,Ry<{u^Ry c <{u^Ry{u^Ry = <{u^Ry c <' 
and <{u„Ry{u„Ry = <{u^Ry C <{U„Ry C <' 

and {u,Ry<{u^Ry C {U^Ry{U^Ry = {u^Ry C <' 

and {U„Ry{U,Ry C C <'. Q.e.d. (Claim 2) 



Claim 3: For all y' e dom(C"): For all z' e Vs{C' {y'))\{y'y. z' <' y\ 

Proof of Claim 3: Let z' e Vs{C' {y'y\{y'} . By the definition of C this means 
z^^Vs{C{y'))\{y'} or there is some e V-,{C{y'y with Ua W. Since C is a {R, <)- 
choice-condition, we have z^ < or z^ Ua R y". Thus, by definition of <' we have z^ <' y^. 

Q.e.d. (Claim 3) 

Claim 4: For all y' e dom(C"): For all e V^(C"(y*)): i?' y'. 

Proof of Claim 4: Let E "H(C"(y^)). By the definition of C there is some e V^(C(y^)) with 
u'' v^'. Since C is a (i?, <) -choice-condition, we have R y\ Thus, by definition of R' we 
havew^i^'l/^ Q.e.d. (Claim 4) Q.e.d. (Lemma 5.5) 



Proof of Lemma 5.8 

Since G is C'-strongly i?' -valid in A, there is some strong existential [A, i?') -valuation e' such 
that G is C'-strongly (e', ^)-valid. Let e be the strong existential {A, -R)-valuation with e(e) = 
e(e') given by Lemma 3.6(1) due to RCR'. Let tt be (e, ^)-compatible with C. It suffices to 
show that G is (tt, e, ^)-valid. Since the notion of (e, ^) -compatibility does not depend on the 
precise form of e besides e(e), we know that tt is also (e', ^)-compatible with C. Due to C'CG, 
TT is also (e', .A) -compatible with G'. Finally, since G is C'-strongly (e', .4) -valid, we conclude 
that G is (tt, e', ^)-valid, i.e. (tt, e, ^)-valid. Q.e.d. (Lemma 5.8) 



Proof of Lemma 5.10 

(1): Since C is a {R, <) -choice-condition, we know that < is a wellfounded ordering on and 
R Q V^x V^. Moreover, we have Se C V^x and V^nV^ = 0. Thus, if < is not wellfounded, 
then there is an infinitely descending sequence of the form y2i+2 Se y2i+i (-R o <) l/2i for all 
i e N. Since C is a {R, <) -choice-condition, we know that (Ro <) C R. Thus, we get 
y2i+2 Se y2i+i R y2i for all i e N. This means that {SeoRy is not wellfounded, which contradicts 
the assumption that e is a strong existential {A, i?) -valuation. 
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(2): Let tt e (V4\dom(C)) — > A. By noetherian induction on < and with the help of a choice 
function we can define some g e Vf,ec — .4. in the following way: For x e V^: g{x) :— 
^{^){se{{x}) .q)- For x G V^\dom(C): := 7r(x). For a; G dom(C): := a, where 

a is an element of the universe of A such that, if possible, C{x) is not (v^ , f?, e, ^)-valid. For 
this definition to be okay, we have to show, for each x G Vfr^e, that g{x) is defined in terms of 
<({x}}.Q- In case of xgV,, this is obvious because 5'eC<i. In case of x G Vj\dom(C), this 
is trivial. Thus, let x G dom(C). Since C is a (i?, <) -choice-condition, we have < x for 
all G Vs{C{x))\{x} and R x for all G ")/l,(C(a;)). Thus, since RC<, by induc- 
tion hypothesis, (y^, f?, e, ^)- validity of C{x) means validity of C{x) in A^g. Moreover, since 
<C<i, we know that g{x) is defined in terms of Vfyee{c{x))\{x} .Q ^ <{{x}} ,Q- Finally, we define 

Ctt dom(C),^- 

For showing that ttW^^ is (e, ^) -compatible with C, let G dom(C) and suppose that C{y'^) 
is (TTttl^TT, e, ^) -valid, i.e. {v^.g, e, ^) -valid. Thus, by definition of g, we know that, for all rj G 
{y"} A, C{y") is (v5\{2/'S} , Q^V^ ^)-valid, i.e. (ttWv^^Ij^^} , ^tt^??, e, ^)-valid. The rest is trivial. 

(3a): Let ^ be given as in (2). Define e' via 

e'(a;)(r) := ^^{^-^{x)) (a;Gran(^), r G ((VAdom(C)) n<({^"^(a;)})) ^ A where tt G 
(Vi\dom(C)) ^ ^ an arbitrary extension of r) and 

e'(x)(r) := e(x)(s,(W) , (ttWCtt)) (a; G V,\ran(^), r G ((VAdom(C)) n <({a;})) ^ A where 
TT G (y5\dom(C)) — > ^ an arbitrary extension of r). 

Note that this definition is okay because the choice of tt does not matter: For the first tt this 

is directly given by (2). For the second tt we have: Se{{x}) ,^ ^ <\{{x}) .^^ ^ t, and, for 
y G dom(C) n Se{{x}), by (2), ^„{y) is already determined by n C ,7r C r. 

The„5. = v,vo„,o,,ido( U <fc-'to)}>xWu U <^(MxW). 

\ j/Gran(i;) a;GVy\ran(i;) / 

Due to R' = v,VanW,idoi? U |J ^ ({?"'(l/)})< U V,xdom(C), we get 

2/eran(?) 

5*6' o R' C Va\dom(C) , id O 

U <{{^~'iy)})x{{'^~'iy)})^ u U (<({4)x{x})oi? u v,xdom(c)\ 

yeran(<j) xgV-y\ran(i;) / 

C y5\dom(c) , id o ( < U VjXdom(C) ). Thus, (Se'oR'^ is a wellfounded ordering because <1 
is wellfounded by (1). This means that e' is a strong existential {A, -R') -valuation. It now suffices 
to show that G<^ is (r, e', ^)-valid for all r G — > ^. Set tt := y5\dom(c) We get the following 
equalities for the below reasons: 

eval(^We(e')(r) Wr)(G'c^) 

eval(^ W ((v^,id W vAdomM ,id W ^) o eval(^ W e(e')(r) W t)))(G') = 

evalU W e(e')(T) W vAdom(,),r W (<^o(e(e')(T))))(G') 

eval(^ W e(e) (tt W W vAdom« ,r W dom^ ,C7r)(G') 

eval(^ W e(e) (tt l±l W tt l±l (G) = 

TRUE 

First: By the Substitution-Lemma. Second: By distributing o over U. Third: Since, for 
X G V^{G) we have x G Vy\ran(q-) and thus e(e')(r)(x) = e(e)(7r l±l ^7r)(x). Moreover, since, 

forx G dom(^), e{e'){r){<;{x)) = ^^(^"^(^(a;))) = ^^{x), we get (e(e')(r)) = dom(<r),^7r- 
Fourth: By noting that dom(^) = Vs{G) fl dom(C). Fifth: Because ttW^tt is (e, ^) -compatible 
with C (by (2)) and G is C-strongly (e, >l)-valid. 
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(3b): When G is C-strongly i?-valid in A, then there is some strong existential (i?, ^)-valuation e 
such that G is C-strongly (e,^)-valid. By (3a), G(; is 0-strongly i?'-valid in A. Since 
v-,\Te,n{-;) ,RQR" QR' , by Lemma 5.8, Gq is 0-strongly VT,\ran(?) , -R-valid and 0-strongly i?"-valid 
in A. Q.e.d. (Lemma 5.10) 



Proof of Lemma 5.12 

(1), (2), (3), and (4) are trivial. 

(5): Let e' be a strong existential {A, i?') -valuation and vr be (e', ^)-compatible with C such that 
Gi is (tt, e', .A)-valid. Let e be the strong existential {A, i?)-valuation with e(e) = e(e') given 
by Lemma 3.6(1) due to RCR'. Then tt is (e, ^)-compatible with C, and Gi is (tt, e, .A)-valid. 
Moreover, due to CCC", tt is (e, ^)-compatible with C. Thus, since Go strongly {R, G)-reduces 
to Gi, also Go is (tt, e, ^)-valid. This also means that Go is (tt, e', ^)-valid as was to be shown. 

(6a): Suppose that Gqct is G'-strongly i?'-valid in A. Then there is some strong existen- 
tial i?') -valuation e' such that Gqc is G'-strongly (e', ^)-valid. Then, by Lemma 3.6(2), 
there is some strong existential (.4, i?)-valuation e such that for all tt G — ^4: e(e)(7r) = 
a o eval(.A l±l e(e')(7r) l±) tt). Moreover, for y e we have: 7r{y) = eval(.A l±l e(e')(7r) l±l 7r)(|/), 
i.e. e(e) (tt) l±l TT = (cr l±l y, , id) o eval(^ l±l e(e') (tt) l±l tt) . 

Thus, for any formula B, we have 

eval(^W e(e)(7r) W 7r)(5) = 
eval(.Atb) ((o-W Vi,id) ocval(.4tb)e(e')(7r) tb)7r)))(B) = 
eval(^ tbi e(e') (tt) W tt) {Ba) , 
the latter step being due to the Substitution-Lemma. 

Thus, for any set of sequents G' and any n eYg^ A: 

(tt, e, .4)-validity of G' is logically equivalent to (tt, e', .A)-validity of GV. (:§i) 

Especially, for any tt G — > ^: 

TT is (e, ^)-compatible with G iff tt is (e', ^)-compatible with G'. (:§2) 

Thus, for any set of sequents G': 

G' is G-strongly (e, .4)-valid iff GV is G'-strongly (e', .4)-valid. 

Especially, Gq is G-strongly (e, ^)-valid. Thus, Go is G-strongly i?-valid in A. 

(6b): Let e' be some strong existential (^4, i?')- valuation, tt be (e', .4.) -compatible with G', and 
suppose that Gicr is (tt, e', .4)-valid. Let e be the existential (.4, i?)-valuation given by Lem- 
ma 3.6(2). Then, by (§2) in the proof of (6a), tt is (e, ^)-compatible with G, and, by (§1) in the 
proof of (6a), Gi is (vr, e, ^)-valid. By assumption, Go strongly {R, G)-reduces to Gi. Thus, Gq 
is (tt, e, w4)-valid, too. By (§1) in the proof of (6a), this means that Gocr is (vr, e', ^)-valid as was 
to be shown. Q.e.d. (Lemma 5.12) 
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Proof of Theorem 5.15 

Since AX is 0-strongly V^xV^-valid, t is closed, R C V^xV,, and C C, by Lemma5.8, 
Goals({t}) is C-strongly i?-valid. Since {F, t) E F and {F, C, R, <) satisfies the invariant con- 
dition, {F} strongly (i?, C)-reduces to Goals({t}). Then, by Lemma 5. 12(1), F is C-strongly 
i?-valid. Finally, by Lemma5.10(3b), F<^ is 0-strongly i?'-valid and 0-strongly Vy\raii(?) valid. 

Q.e.d. (Theorem 5.15) 



Proof of Theorem 5.16 

(0, 0, 0, 0) trivially satisfies the strong invariant condition. For the iteration steps, let {F", t") e 
F'. Assuming the strong invariant condition for (F, C, i?, <), we have to show that C is a (i?', <' 
) -choice-condition and that {F"} strongly (i?', C")-reduces to Goals({t"}). 

Hypothesizing: Due to the assumed -Ro< C R and the required R"o< C R' = R\JR", 
we have R' o < = {RUR") o < C RuR" = R' . Thus, C is a {R\ <) -choice-condition. 
Moreover, due to C' = C and <' = <, (C",i?', <') is an extension of {C,R,<). In case 
of (r", t") e F, {F"} {R, C)-reduces to Goals({i"}) by assumption, and then, due to Lem- 
ma 5. 12(5), {F"} strongly {R', C")-reduces to Goals({t"}). Otherwise we have {F'\ f") = {F, t). 
Then {F"} = {F} = Goals({t}) = Goals({f' }). Thus, by Lemma5.12(2), {F"} strongly 
{R', C")-reduces to Goals({t"}). 

Expansion: In case of {F",t")eF, {F"} C) -reduces to Goals({t"}) by assump- 
tion, and then, due to (C, i?', <') being an extension of (C, i?, <) and Lemma 5. 12(5), 
{r"} strongly (i?',C")-reduces to Goals({t"}). Otherwise we have {F" ,t") = {F,t'). Since 
Goals({i})\{Z\} C Goals({f}), by Lemma 5. 12(2), Goals({0)\{^} strongly (i?', C")-reduces 
to Goals({t'}). Thus, since by assumption {A} strongly (i?', C") -reduces to a subset of 
Goals({t'}), by Lemma5.12(4) Goals({t}) strongly (i?', C")-reduces to Goals({t'}). More- 
over, due to (r, t)eF, by assumption {F} strongly (i?, C)-reduces to Goals({t}). Thus, 
by Lemma5.12(5), {F} strongly (i?', C") -reduces to Goals({t}). Thus, since Goals({t}) 
strongly (i?', C") -reduces to Goals({i'}), by Lemma5.12(3), {F} strongly (i?', C")-reduces to 
Goals({i'}), i.e. {F"} strongly {R', C")-reduces to Goals({i"}). 

Instantiation: By Lemma 5.5, C is a (R', <') -choice-condition. There is some {F,t) E F such 
that {F,t)a = {F",t"). By assumption, {F} strongly {R, C)-reduces to Goals({t}). By Lem- 
ma 5. 12(6b), {Fa} strongly {R', C")-reduces to Goals{{t})a, i.e. {F"} strongly {R', C")-reduces 
to Goals({t"}). Q.e.d. (Theorem 5.16) 



Proof of Theorem 5.17 

Let A be an arbitrary E-structure (E-algebra). We only prove the first example of each kind of 
rule to be a sub-rule of the Expansion rule and leave the rest as an exercise. 

g-rule: We have to show that {F (AWB) 77} strongly (R, C) -reduces to{AB F 11} in A. This is 
trivial, however, because (vr, e, v4.)-validity of the two sets is logically equivalent for each strong 
existential {A, i?) -valuation e and tt eVs ^ A. 

/3-rule: We have to show that {F (AAB) 77} strongly {R, C)-reduces to {A F n, B F B} 
in A. This is trivial, however, because (tt, e, .A)-validity of the two sets is logically equivalent for 
each strong existential [A, 7?) -valuation e and tt e — > .A. 
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7-rule: We have to show that {F 3x:A 11} strongly {R, C)-reduces to {A{xi-^x''} F 3x:A iJ} 
in A. This is the case, however, because (tt, e, ^)-validity of the two sets is logically equivalent 
for each strong existential {A, i?) -valuation e and vr G ^ A. The direction from left to right 
is given because the former sequent is a sub-sequent of the latter. The other direction, which is 
the only one we actually have to show here, is also clear because (tt, e, .4)-validity of A{x^x''} 
implies (tt, e, ^)-validity of 3a;: A. Although this is clear, we should be a little more explicit 
here because the standard semantic definition of 3 (cf. e.g. Wirth(1997), p. 188) does not use 
free 7-variables and is somewhat more complicated than it could be in terms of free 7-variables. 
Moreover, in the note above the theorem we remarked that the restriction on x'^ not occurring in 
the former sequent is not really necessary. Thus, in order to be more explicit here, assume that the 
latter sequent is (tt, e, .A) -valid for some strong existential (^4, i?) -valuation e and some tt that is 
(e, ^)-compatible with C. We have to show that the former sequent is (tt, e, ^)-valid. If this is not 
the case, A{x^x'^} must be (tt, e, ^)-valid. Let?/'' G Ys\^s{A). Then, since A{x^y^}{y^^x''} 
is equal to A{x^x'''}, we know that A{x^y^}{y^^x'^} is valid in ^ l±l e(e)(7r) l±) tt. Then, 
by the Substitution-Lemma, A{x^y^} is valid in ^ l±l e(e)(7r) l±) tt' for tt' e — > ^ given 
^5\{y^} ^5\{y^'^ '^'{y^) '■= By the standard semantic definition of 

3 and since quantification on x cannot occur in A (as 3a;: A is a formula in our restricted sense, 
cf. § 1.4), this means that 3x:{A{xi-^y"}{y^i-^x}) is valid in ^ l+l e(e)(7r) l±) tt. Since y^ does not 
occur in A, this formula is equal to 3x:A, which means that the former sequent is (tt, e, ^)-valid 
as was to be shown. 

(5 -rule: Firstly, we have to show that C isa(R\ <') -choice-condition. Since x^ ^ Vj(>l)Udom(<) 
and < is a wellfounded ordering, <' := < U <{Vs{A)) x {x''} is a wellfounded ordering 
with x' ^ dom(<'), too. Therefore, R" o <' = 0, and then R' o <' = {RU R") o <' = 
Ro <' = Ro{<U <") = {Ro<)U{Ro <") C RU R" = R'; where the inclusion is due 
to the following: first, we have R o < C R because C is a {R, <) -choice-condition; second, 
in case of zq R zi <" Z2 we have Z2 — x" and there is some z' e Vs{A) with zi < z'; 
then, again by R o < C R^ we get zq R z', i.e. zq R" x^ = Z2. Since < C <', R <Z R' ^ 
C = CU{{x\A{x^x'})}, Vs{C'{x'))\{x'} = mA{x^x'})\{x'} = V,(A)\{,t^} = V,(A) C 
<'{{x'}), and V^{C'{x')) = V^(^{a;i-^a;'}) = V^(^) C R'{{x'}), the remaining requirements for 
C to be a {R', <') -choice-condition are easily checked. 

Secondly, we have to show that {F \/x:A 77} strongly (i?', C")-reduces to {A{xi-^x^} F 77} 
in A. Assume that the latter sequent is (tt, e, ^)-valid for some strong existential 7?' -valuation 
e and some tt that is (e, ^)-compatible with C We have to show that the former sequent is 
(tt, e, ^)-valid. If some formula in 7^77 is (vr, e, ^)-valid, then the former sequent is (tt, e, A)- 
valid, too. Otherwise, this means that A{xi-^x^} is (tt, e, ^)-valid. Since tt is (e, ^)-compatible 
with C, A{x\-^x^} is (tt', e, v4.)- valid for all tt' G — > ^ with v^ia:''} - = MsM^^''^- Since 
V^{A{xh^x^}) X {x*} = V^{A) X {x''} C 7?', we know that A{x^x^} is even valid in ^ i±l 
e(e)(7r) Wtt' for all tt' G — > ^ with yg\{x^ .n' — yg\{xS},T^- By the standard semantic definition 
of V (cf. e.g. Wirth(1997), p. 188) and since quantification on x cannot occur in A (as \fx:A is 
a formula in our restricted sense, cf. § 1.4), this means that yx:{A{xi^x^}{x''\-^x}) is valid in 
A l±) e(e)(7r) l±) tt. Since does not occur in A, this formula is equal to \/x:A, which means that 
the former sequent is (tt, e, ^) -valid as was to be shown. Q.e.d. (Theorem 5.17) 
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"^We do not need the more complicated definitions of a sequent as a pair of lists of formulas 
or as a T/F-tagged list of formulas because we do not consider calculi where the separation of a 
sequent into antecedent and succedent is important, like LJ in Gentzen(1935) or the "symmetric 
Gentzen systems" in SmuUyan (1968). 

^Note that is an mverae (in the sense that RoR~^ — ^^^{r) and i?~^oi? = j.an(ii) ,id 
holds) iff R is an injective function. 

^For the notion of a tree cf. Knuth(1997). As a special feature we would like an explicit 
representation of leaves, such that, when we add the elements of a set G as children to a leaf node 
this / is not a leaf anymore, even if G is empty. 
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^Note that this restriction on is not required for soundness (cf. Theorem 4. 11) but for effi- 
ciency only. 

^Note that this restriction on x'^ is not required for soundness (cf. Theorem 5. 17) but for effi- 
ciency only. 

^Actually, when Eo- is efficiently added to the graph representing R and Ua in order to 
represent R' := Eo-o Ro (f/^o/?)*, an element (m^, x'') E Ea- is simply implemented by drawing 
a new edge from the (possibly new) node for to the old node for x''. (u'' gets a new node iff 
(m^, m^) ^ E^.) Although this graph is not really bipartite in V^- and y,- nodes, when checking for 
acyclicity of Ucr'oR', when finding a new V^-node to be already on the active path, we can detect 
a cycle of V^-nodes simply by asking whether we are coming from a V^-node, in which case we 
skip the new V^-node and do not signal a cycle of U^'oR'. 

^'^We have very recently presented these calculi at the 2"'' Int. Workshop on First-Order Theo- 
rem Proving (FTP) in Nov. 1998 in Vienna (cf. Wirth(1998)), where nobody in the audience was 
able to point out other work in this direction. 
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